✔ Pentester/recovering sysadmin ✔ Self-proclaimed Ethical Threat ✔ Active Directory Security Connoisseur ✔ Offensive stuff — securit360.com ✔ Host Cyber Threat POV — offsec.blog ✔ SWAG — swag.ethicalthreat.com 📩 By subscribing, you’ll get exclusive access to industry insights, actionable tips for securing your environments, behind-the-scenes content from my pentests, and updates from someone who keeps a pulse on the ever-changing cyber threat landscape.
Windows Misconfigs Keeping Hackers Employed in 2025
|
“Ransomware Threat Actors are very good at the basics, and this shows against companies that aren’t.” -SANS DFIR Aug 2023 Ethical Threat Insight: Windows Misconfigs That Shouldn’t Exist in 2025 I still find these in well-managed environments, and yes, attackers know it. Here are just three of the big ones:
That’s just a quick preview of what’s to come... In my upcoming webinar, I’ll walk you through seven misconfigs, show real-world attack paths they enable, and give you practical fixes you can roll out immediately. We will also have Q&A at the end. So if you've ever wanted to ask me questions, webinars are a great opportunity for that! 📅 Thursday August 28th, 12pm Eastern
P.S. My marketing team tells me we have a max of 500 live attendees, and spots fill up super fast as we get closer, so reserve your spot early. Hope to see you there! P.P.S This is so relatable... 😅 All the best
"Spirit of a hacker heart of a defender" |
Spencer Alessi
✔ Pentester/recovering sysadmin ✔ Self-proclaimed Ethical Threat ✔ Active Directory Security Connoisseur ✔ Offensive stuff — securit360.com ✔ Host Cyber Threat POV — offsec.blog ✔ SWAG — swag.ethicalthreat.com 📩 By subscribing, you’ll get exclusive access to industry insights, actionable tips for securing your environments, behind-the-scenes content from my pentests, and updates from someone who keeps a pulse on the ever-changing cyber threat landscape.
Security applied blindly is just another outage waiting to happen. Ethical Threat Insight: Active Directory Security Mistakes Active Directory is the backbone of your network, and attackers know it just as well (if not better) than most admins. A staggering amount of breaches don’t require fancy exploits. They rely on common misconfigurations, they count on IT admins not doing the hard things that need to be done to secure an AD environment. These are some of the most frequent (and dangerous)...
Downtime is decided months before the attack. Ethical Threat Insight: Surviving a Ransomware Attack A DC‑area Reddit thread described days of disruption after a hospital system was reportedly hit by Rhysida ransomware. How much was the ransom? ~$3 million USD at the time of the incident. 😲 It’s a painful, real‑world reminder: your ability to operate “offline” is the difference between chaos and continuity. The time to have a plan and to prepare is before the proverbial SHTF. 6 ways to prepare...
Who you choose to test your environment matters just as much as what they test. Ethical Threat Insight: Internal Pentest Report Red Flags If you know a little bit about me, you know internal pentesting is kind of my thing. I’ve done more than 120 internal pentests in the last 5 years. What I have come to realize is that not all internal pentests are created equal, especially when it comes to reporting. Most internal pentest reports look impressive at first glance, but after you dig into them...